Force password allows a user to not actually change their password.


Aug-16-12 06:28:37

I see your point that the password is one-way encrypted as to why you cannot force the user to change it.

But all that your component would need to do is validate the form differently with JavaScript. (The user also could easily just cancel out of the process.) I agree that this is a handy tool to try and get people to change passwords, but without this final verification it is not so good. I'm suggesting a way to make it better.

I have posted in the actual Joomla forum to make the password verification better in the core and have had no reply for a long time.

Re: Force password allows a user to not actually change their password.

Aug-17-12 14:21:07

landed,
I'm not sure what you mean by validate the form differently? In general though, yes, there are ways that we could do additional checks on the password in order to ensure that the user has changed it. However, going down that route would take a bit of effort and also cause the plugin to pretty much have to grow into a component (much more complex). Once we were to do some sort of verification the user changed their password, the next (obvious) suggestion would be to implement a security check of x-days and you must change the password.

All are noble goals and things we'd love to implement and use ourselves. Unfortunately, security isn't our area of expertise. This plugin was created for a previous client of ours and their goals were just a simple on-login reminder to change the password. We haven't done much development on it since because a) we don't have the time to do everything we'd love to do and b) we don't want it to have to grow large enough that either we can't support it or would have to start charging for it. We like having some free extensions out there as it's a great way to give back, but we can't focus all the time on them as we can to our paid extensions, as that's what pays the bills.

Hope you understand and hope that, even if limited, the FPW plugin fulfills some of your needs. Still curious about the JavaScript checks you mention. If they're easy, we'd gladly look into them, but couldn't give a timeline for when it could be done.

Thanks again for the feedback, and best of luck!
Alex

If you use our extensions, please consider leaving a rating and review at the Joomla! Extension Directory: JFBConnect | SCLogin
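The check discussed in this thread can be made on the server even though the stored password is a one-way hash: the submitted new password is verified against the existing hash, and a match means nothing was changed. The sketch below is an added example, not code from the FPW plugin or Joomla; the function name, the `$mustChange` flag and the sample passwords are hypothetical, and it assumes hashes created with PHP's `password_hash()`, so the verify call has to be adapted to whatever hash format the site actually stores.

```php
<?php
// Added example; not Joomla's or the plugin's code. All names are hypothetical.

/**
 * Handle a forced password change on the server.
 * Returns [ok, message, newHash]. The caller clears its own
 * "must change password" flag only when ok is true.
 */
function forced_password_change(string $storedHash, string $new, string $confirm): array
{
    if ($new === '' || !hash_equals($new, $confirm)) {
        return [false, 'Passwords are empty or do not match.', null];
    }
    // The old password is not recoverable from the hash, but the candidate
    // can be checked against it: a match means nothing was changed.
    if (password_verify($new, $storedHash)) {
        return [false, 'New password must differ from the current one.', null];
    }
    return [true, 'Password changed.', password_hash($new, PASSWORD_DEFAULT)];
}

// Constructed sample data: a user whose current password is "Summer2012".
$stored = password_hash('Summer2012', PASSWORD_DEFAULT);

$cases = [
    'same password resubmitted' => ['Summer2012', 'Summer2012'],
    'confirmation mismatch'     => ['Autumn!2012x', 'Autumn!2012y'],
    'genuinely new password'    => ['Autumn!2012x', 'Autumn!2012x'],
];

$mustChange = true; // hypothetical per-user flag set by the administrator
foreach ($cases as $label => [$new, $confirm]) {
    [$ok, $msg, $hash] = forced_password_change($stored, $new, $confirm);
    if ($ok) {
        $stored = $hash;      // persist the new hash
        $mustChange = false;  // only now is the user let through
    }
    printf("%-28s ok=%s flag=%s  %s\n", $label, var_export($ok, true),
        var_export($mustChange, true), $msg);
}
```

Because the flag is cleared only on success, cancelling the form or bypassing client-side JavaScript validation leaves it set, and the next request can be sent back to the change form.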